@alejoamiras/tee-rex 4.0.0-devnet.2-patch.0

package/dist/lib/tee-rex-prover.js

@@ -0,0 +1,140 @@
+import { BBLazyPrivateKernelProver } from "@aztec/bb-prover/client/lazy";
+import { ChonkProofWithPublicInputs } from "@aztec/stdlib/proofs";
+import { schemas } from "@aztec/stdlib/schemas";
+import ky from "ky";
+import ms from "ms";
+import { Base64, Bytes } from "ox";
+import { UnreachableCaseError } from "ts-essentials";
+import { joinURL } from "ufo";
+import { z } from "zod";
+import { verifyNitroAttestation } from "./attestation.js";
+import { encrypt } from "./encrypt.js";
+import { logger } from "./logger.js";
+export const ProvingMode = {
+    local: "local",
+    remote: "remote",
+};
+/**
+ * Aztec private kernel prover that can generate proofs locally or on a remote
+ * tee-rex server running inside an AWS Nitro Enclave.
+ *
+ * In remote mode, witness data is encrypted with the server's attested public
+ * key (curve25519 + AES-256-GCM) before being sent over the network.
+ */
+export class TeeRexProver extends BBLazyPrivateKernelProver {
+    apiUrl;
+    #provingMode = ProvingMode.remote;
+    #attestationConfig = {};
+    constructor(apiUrl, ...args) {
+        super(...args);
+        this.apiUrl = apiUrl;
+    }
+    /** Switch between local WASM proving and remote TEE proving. */
+    setProvingMode(mode) {
+        this.#provingMode = mode;
+    }
+    /** Update the tee-rex server URL used for remote proving. */
+    setApiUrl(url) {
+        this.apiUrl = url;
+    }
+    /** Configure attestation verification (PCR checks, freshness, require TEE). */
+    setAttestationConfig(config) {
+        this.#attestationConfig = config;
+    }
+    async createChonkProof(executionSteps) {
+        switch (this.#provingMode) {
+            case "local": {
+                logger.info("Using local prover", {
+                    steps: executionSteps.length,
+                    functions: executionSteps.map((s) => s.functionName),
+                });
+                const start = performance.now();
+                const result = await super.createChonkProof(executionSteps);
+                logger.info("Local proof completed", {
+                    durationMs: Math.round(performance.now() - start),
+                });
+                return result;
+            }
+            case "remote": {
+                logger.info("Using remote prover");
+                return this.#remoteCreateChonkProof(executionSteps);
+            }
+            default: {
+                throw new UnreachableCaseError(this.#provingMode);
+            }
+        }
+    }
+    async #remoteCreateChonkProof(executionSteps) {
+        logger.info("Creating chonk proof", { apiUrl: this.apiUrl });
+        const executionStepsSerialized = executionSteps.map((step) => ({
+            functionName: step.functionName,
+            witness: Array.from(step.witness.entries()),
+            bytecode: Base64.fromBytes(step.bytecode),
+            vk: Base64.fromBytes(step.vk),
+            timings: step.timings,
+        }));
+        logger.debug("Serialized payload", { chars: JSON.stringify(executionStepsSerialized).length });
+        const encryptionPublicKey = await this.#fetchEncryptionPublicKey();
+        const encryptedData = Base64.fromBytes(await encrypt({
+            data: Bytes.fromString(JSON.stringify({ executionSteps: executionStepsSerialized })),
+            encryptionPublicKey,
+        })); // TODO(perf): serialize executionSteps -> bytes without intermediate encoding. Needs Aztec to support serialization of the PrivateExecutionStep class.
+        const response = await ky
+            .post(joinURL(this.apiUrl, "prove"), {
+            json: { data: encryptedData },
+            timeout: ms("5 min"),
+            retry: 2,
+        })
+            .json();
+        const data = z
+            .object({
+            proof: schemas.Buffer,
+        })
+            .parse(response);
+        return ChonkProofWithPublicInputs.fromBuffer(data.proof);
+    }
+    async #fetchEncryptionPublicKey() {
+        const response = await ky.get(joinURL(this.apiUrl, "attestation"), { retry: 2 }).json();
+        const data = z
+            .discriminatedUnion("mode", [
+            z.object({ mode: z.literal("standard"), publicKey: z.string() }),
+            z.object({
+                mode: z.literal("nitro"),
+                attestationDocument: z.string(),
+                publicKey: z.string(),
+            }),
+        ])
+            .parse(response);
+        switch (data.mode) {
+            case "standard": {
+                if (this.#attestationConfig.requireAttestation) {
+                    throw new Error("Server is running in standard mode but requireAttestation is enabled. " +
+                        "The server must run inside a TEE to provide attestation.");
+                }
+                logger.warn("Server is running in standard mode (no TEE attestation)");
+                return data.publicKey;
+            }
+            case "nitro": {
+                try {
+                    const { publicKey } = await verifyNitroAttestation(data.attestationDocument, {
+                        expectedPCRs: this.#attestationConfig.expectedPCRs,
+                        maxAgeMs: this.#attestationConfig.maxAgeMs,
+                    });
+                    return publicKey;
+                }
+                catch (err) {
+                    // In browser environments, node:crypto is unavailable. Fall back to the
+                    // server-provided public key. The attestation document was still fetched
+                    // over HTTPS; we just can't verify the COSE_Sign1 chain client-side.
+                    if (err instanceof Error &&
+                        (err.message.includes("node:crypto") || err.message.includes("is not a constructor"))) {
+                        logger.warn("Nitro attestation verification unavailable (browser environment). Using server-provided public key.", { error: err.message });
+                        return data.publicKey;
+                    }
+                    throw err;
+                }
+            }
+        }
+    }
+}
+//# sourceMappingURL=tee-rex-prover.js.map

package/dist/lib/tee-rex-prover.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"tee-rex-prover.js","sourceRoot":"","sources":["../../src/lib/tee-rex-prover.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,yBAAyB,EAAE,MAAM,8BAA8B,CAAC;AAEzE,OAAO,EAAE,0BAA0B,EAAE,MAAM,sBAAsB,CAAC;AAClE,OAAO,EAAE,OAAO,EAAE,MAAM,uBAAuB,CAAC;AAChD,OAAO,EAAE,MAAM,IAAI,CAAC;AACpB,OAAO,EAAE,MAAM,IAAI,CAAC;AACpB,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,IAAI,CAAC;AACnC,OAAO,EAAE,oBAAoB,EAAgB,MAAM,eAAe,CAAC;AACnE,OAAO,EAAE,OAAO,EAAE,MAAM,KAAK,CAAC;AAC9B,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,EAAiC,sBAAsB,EAAE,MAAM,kBAAkB,CAAC;AACzF,OAAO,EAAE,OAAO,EAAE,MAAM,cAAc,CAAC;AACvC,OAAO,EAAE,MAAM,EAAE,MAAM,aAAa,CAAC;AAIrC,MAAM,CAAC,MAAM,WAAW,GAAG;IACzB,KAAK,EAAE,OAAO;IACd,MAAM,EAAE,QAAQ;CACR,CAAC;AAWX;;;;;;GAMG;AACH,MAAM,OAAO,YAAa,SAAQ,yBAAyB;IAK/C;IAJV,YAAY,GAAgB,WAAW,CAAC,MAAM,CAAC;IAC/C,kBAAkB,GAA4B,EAAE,CAAC;IAEjD,YACU,MAAc,EACtB,GAAG,IAA6D;QAEhE,KAAK,CAAC,GAAG,IAAI,CAAC,CAAC;QAHP,WAAM,GAAN,MAAM,CAAQ;IAIxB,CAAC;IAED,gEAAgE;IAChE,cAAc,CAAC,IAAiB;QAC9B,IAAI,CAAC,YAAY,GAAG,IAAI,CAAC;IAC3B,CAAC;IAED,6DAA6D;IAC7D,SAAS,CAAC,GAAW;QACnB,IAAI,CAAC,MAAM,GAAG,GAAG,CAAC;IACpB,CAAC;IAED,+EAA+E;IAC/E,oBAAoB,CAAC,MAA+B;QAClD,IAAI,CAAC,kBAAkB,GAAG,MAAM,CAAC;IACnC,CAAC;IAED,KAAK,CAAC,gBAAgB,CACpB,cAAsC;QAEtC,QAAQ,IAAI,CAAC,YAAY,EAAE,CAAC;YAC1B,KAAK,OAAO,CAAC,CAAC,CAAC;gBACb,MAAM,CAAC,IAAI,CAAC,oBAAoB,EAAE;oBAChC,KAAK,EAAE,cAAc,CAAC,MAAM;oBAC5B,SAAS,EAAE,cAAc,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,YAAY,CAAC;iBACrD,CAAC,CAAC;gBACH,MAAM,KAAK,GAAG,WAAW,CAAC,GAAG,EAAE,CAAC;gBAChC,MAAM,MAAM,GAAG,MAAM,KAAK,CAAC,gBAAgB,CAAC,cAAc,CAAC,CAAC;gBAC5D,MAAM,CAAC,IAAI,CAAC,uBAAuB,EAAE;oBACnC,UAAU,EAAE,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,GAAG,EAAE,GAAG,KAAK,CAAC;iBAClD,CAAC,CAAC;gBACH,OAAO,MAAM,CAAC;YAChB,CAAC;YACD,KAAK,QAAQ,CAAC,CAAC,CAAC;gBACd,MAAM,CAAC,IAAI,CAAC,qBAAqB,CAAC,CAAC;gBACnC,OAAO,IAAI,CAAC,uBAAuB,CAAC,cAAc,CAAC,CAAC;YACtD,CAAC;YACD,OAAO,CAAC,CAAC,CAAC;gBACR,MAAM,IAAI,oBAAoB,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;YACpD,CAAC;QACH,CAAC;IACH,CAAC;IAED,KAAK,CAAC,uBAAuB,CAC3B,cAAsC;QAEtC,MAAM,CAAC,IAAI,CAAC,sBAAsB,EAAE,EAAE,MAAM,EAAE,IAAI,CAAC,MAAM,EAAE,CAAC,CAAC;QAC7D,MAAM,wBAAwB,GAAG,cAAc,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;YAC7D,YAAY,EAAE,IAAI,CAAC,YAAY;YAC/B,OAAO,EAAE,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,CAAC;YAC3C,QAAQ,EAAE,MAAM,CAAC,SAAS,CAAC,IAAI,CAAC,QAAQ,CAAC;YACzC,EAAE,EAAE,MAAM,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE,CAAC;YAC7B,OAAO,EAAE,IAAI,CAAC,OAAO;SACtB,CAAC,CAAC,CAAC;QACJ,MAAM,CAAC,KAAK,CAAC,oBAAoB,EAAE,EAAE,KAAK,EAAE,IAAI,CAAC,SAAS,CAAC,wBAAwB,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC;QAC/F,MAAM,mBAAmB,GAAG,MAAM,IAAI,CAAC,yBAAyB,EAAE,CAAC;QACnE,MAAM,aAAa,GAAG,MAAM,CAAC,SAAS,CACpC,MAAM,OAAO,CAAC;YACZ,IAAI,EAAE,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,cAAc,EAAE,wBAAwB,EAAE,CAAC,CAAC;YACpF,mBAAmB;SACpB,CAAC,CACH,CAAC,CAAC,uJAAuJ;QAC1J,MAAM,QAAQ,GAAG,MAAM,EAAE;aACtB,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,MAAM,EAAE,OAAO,CAAC,EAAE;YACnC,IAAI,EAAE,EAAE,IAAI,EAAE,aAAa,EAAE;YAC7B,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC;YACpB,KAAK,EAAE,CAAC;SACT,CAAC;aACD,IAAI,EAAE,CAAC;QACV,MAAM,IAAI,GAAG,CAAC;aACX,MAAM,CAAC;YACN,KAAK,EAAE,OAAO,CAAC,MAAM;SACtB,CAAC;aACD,KAAK,CAAC,QAAQ,CAAC,CAAC;QACnB,OAAO,0BAA0B,CAAC,UAAU,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IAC3D,CAAC;IAED,KAAK,CAAC,yBAAyB;QAC7B,MAAM,QAAQ,GAAG,MAAM,EAAE,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,MAAM,EAAE,aAAa,CAAC,EAAE,EAAE,KAAK,EAAE,CAAC,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;QACxF,MAAM,IAAI,GAAG,CAAC;aACX,kBAAkB,CAAC,MAAM,EAAE;YAC1B,CAAC,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC,OAAO,CAAC,UAAU,CAAC,EAAE,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC;YAChE,CAAC,CAAC,MAAM,CAAC;gBACP,IAAI,EAAE,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC;gBACxB,mBAAmB,EAAE,CAAC,CAAC,MAAM,EAAE;gBAC/B,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE;aACtB,CAAC;SACH,CAAC;aACD,KAAK,CAAC,QAAQ,CAAC,CAAC;QAEnB,QAAQ,IAAI,CAAC,IAAI,EAAE,CAAC;YAClB,KAAK,UAAU,CAAC,CAAC,CAAC;gBAChB,IAAI,IAAI,CAAC,kBAAkB,CAAC,kBAAkB,EAAE,CAAC;oBAC/C,MAAM,IAAI,KAAK,CACb,wEAAwE;wBACtE,0DAA0D,CAC7D,CAAC;gBACJ,CAAC;gBACD,MAAM,CAAC,IAAI,CAAC,yDAAyD,CAAC,CAAC;gBACvE,OAAO,IAAI,CAAC,SAAS,CAAC;YACxB,CAAC;YACD,KAAK,OAAO,CAAC,CAAC,CAAC;gBACb,IAAI,CAAC;oBACH,MAAM,EAAE,SAAS,EAAE,GAAG,MAAM,sBAAsB,CAAC,IAAI,CAAC,mBAAmB,EAAE;wBAC3E,YAAY,EAAE,IAAI,CAAC,kBAAkB,CAAC,YAAY;wBAClD,QAAQ,EAAE,IAAI,CAAC,kBAAkB,CAAC,QAAQ;qBAC3C,CAAC,CAAC;oBACH,OAAO,SAAS,CAAC;gBACnB,CAAC;gBAAC,OAAO,GAAG,EAAE,CAAC;oBACb,wEAAwE;oBACxE,yEAAyE;oBACzE,qEAAqE;oBACrE,IACE,GAAG,YAAY,KAAK;wBACpB,CAAC,GAAG,CAAC,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAC,IAAI,GAAG,CAAC,OAAO,CAAC,QAAQ,CAAC,sBAAsB,CAAC,CAAC,EACrF,CAAC;wBACD,MAAM,CAAC,IAAI,CACT,qGAAqG,EACrG,EAAE,KAAK,EAAE,GAAG,CAAC,OAAO,EAAE,CACvB,CAAC;wBACF,OAAO,IAAI,CAAC,SAAS,CAAC;oBACxB,CAAC;oBACD,MAAM,GAAG,CAAC;gBACZ,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;CACF"}

package/dist/test-setup.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=test-setup.d.ts.map

package/dist/test-setup.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"test-setup.d.ts","sourceRoot":"","sources":["../src/test-setup.ts"],"names":[],"mappings":""}

package/dist/test-setup.js

@@ -0,0 +1,10 @@
+import { expect } from "bun:test";
+// Patch expect for @aztec/foundation compatibility
+// @aztec/foundation checks if expect.addEqualityTesters exists (vitest API)
+if (!expect.addEqualityTesters) {
+    expect.addEqualityTesters = () => { };
+}
+if (globalThis.expect && !globalThis.expect.addEqualityTesters) {
+    globalThis.expect.addEqualityTesters = () => { };
+}
+//# sourceMappingURL=test-setup.js.map

package/dist/test-setup.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"test-setup.js","sourceRoot":"","sources":["../src/test-setup.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,UAAU,CAAC;AAElC,mDAAmD;AACnD,4EAA4E;AAC5E,IAAI,CAAE,MAAc,CAAC,kBAAkB,EAAE,CAAC;IACvC,MAAc,CAAC,kBAAkB,GAAG,GAAG,EAAE,GAAE,CAAC,CAAC;AAChD,CAAC;AACD,IAAK,UAAkB,CAAC,MAAM,IAAI,CAAE,UAAkB,CAAC,MAAM,CAAC,kBAAkB,EAAE,CAAC;IAChF,UAAkB,CAAC,MAAM,CAAC,kBAAkB,GAAG,GAAG,EAAE,GAAE,CAAC,CAAC;AAC3D,CAAC"}

package/package.json

@@ -0,0 +1,59 @@
+{
+  "name": "@alejoamiras/tee-rex",
+  "version": "4.0.0-devnet.2-patch.0",
+  "type": "module",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/alejoamiras/tee-rex",
+    "directory": "packages/sdk"
+  },
+  "exports": "./src/index.ts",
+  "publishConfig": {
+    "exports": {
+      ".": {
+        "default": "./dist/index.js",
+        "types": "./dist/index.d.ts"
+      }
+    },
+    "access": "public"
+  },
+  "files": [
+    "src",
+    "dist"
+  ],
+  "scripts": {
+    "dev": "tsc -w",
+    "build": "rm -rf dist && tsc",
+    "test:unit": "bun test src/",
+    "test:e2e": "bun test --preload ./e2e/e2e-setup.ts e2e/",
+    "test:e2e:nextnet": "AZTEC_NODE_URL=https://nextnet.aztec-labs.com bun test --preload ./e2e/e2e-setup.ts e2e/nextnet.test.ts",
+    "test:lint": "tsc --noEmit --emitDeclarationOnly false",
+    "prepublishOnly": "bun run test:lint && bun run build"
+  },
+  "dependencies": {
+    "@aztec/bb-prover": "4.0.0-devnet.2-patch.0",
+    "@aztec/foundation": "4.0.0-devnet.2-patch.0",
+    "@aztec/noir-acvm_js": "4.0.0-devnet.2-patch.0",
+    "@aztec/noir-noirc_abi": "4.0.0-devnet.2-patch.0",
+    "@aztec/stdlib": "4.0.0-devnet.2-patch.0",
+    "@logtape/logtape": "^2.0",
+    "@peculiar/x509": "^1.12.0",
+    "cbor-x": "^1.6.0",
+    "ky": "^1.14.3",
+    "ms": "^2.1.3",
+    "openpgp": "6.3.0",
+    "ox": "^0.12.1",
+    "ts-essentials": "^10.1.1",
+    "ufo": "^1.6.3",
+    "zod": "^3.23.8"
+  },
+  "devDependencies": {
+    "@aztec/accounts": "4.0.0-devnet.2-patch.0",
+    "@aztec/aztec.js": "4.0.0-devnet.2-patch.0",
+    "@aztec/noir-contracts.js": "4.0.0-devnet.2-patch.0",
+    "@aztec/pxe": "4.0.0-devnet.2-patch.0",
+    "@aztec/simulator": "4.0.0-devnet.2-patch.0",
+    "@aztec/wallets": "4.0.0-devnet.2-patch.0",
+    "@types/ms": "^2.1.0"
+  }
+}

package/src/index.ts

@@ -0,0 +1,7 @@
+export type { AttestationVerifyOptions, NitroAttestationDocument } from "./lib/attestation.js";
+export {
+  AttestationError,
+  AttestationErrorCode,
+  verifyNitroAttestation,
+} from "./lib/attestation.js";
+export * from "./lib/tee-rex-prover.js";

package/src/lib/attestation.test.ts

@@ -0,0 +1,325 @@
+import { describe, expect, test } from "bun:test";
+import { execSync } from "node:child_process";
+import crypto from "node:crypto";
+import { AttestationError, AttestationErrorCode, verifyNitroAttestation } from "./attestation.js";
+
+/**
+ * Generate a P-384 EC key pair and self-signed or CA-signed X.509 certificate
+ * using the openssl CLI. Returns PEM strings and DER bytes.
+ */
+function generateCert(opts: {
+  subject: string;
+  issuerKey?: string;
+  issuerCert?: string;
+  ca?: boolean;
+  days?: number;
+}): { keyPem: string; certPem: string; certDer: Uint8Array } {
+  const { subject, issuerKey, issuerCert, ca = false, days = 365 } = opts;
+
+  // Generate EC P-384 private key
+  const keyPem = execSync("openssl ecparam -genkey -name secp384r1 -noout 2>/dev/null", {
+    encoding: "utf-8",
+  });
+
+  if (issuerKey && issuerCert) {
+    // Create a CSR then sign with issuer
+    const csrPem = execSync(
+      `echo "${keyPem}" | openssl req -new -key /dev/stdin -subj "${subject}" 2>/dev/null`,
+      { encoding: "utf-8" },
+    );
+
+    // Write temp files for openssl x509 -req
+    const tmpKey = `/tmp/test-issuer-key-${Date.now()}.pem`;
+    const tmpCert = `/tmp/test-issuer-cert-${Date.now()}.pem`;
+    const tmpCsr = `/tmp/test-csr-${Date.now()}.pem`;
+    execSync(`cat > ${tmpKey} << 'ENDKEY'\n${issuerKey}\nENDKEY`);
+    execSync(`cat > ${tmpCert} << 'ENDCERT'\n${issuerCert}\nENDCERT`);
+    execSync(`cat > ${tmpCsr} << 'ENDCSR'\n${csrPem}\nENDCSR`);
+
+    let cmd = `openssl x509 -req -in ${tmpCsr} -CA ${tmpCert} -CAkey ${tmpKey} -CAcreateserial -days ${days} -sha384`;
+    if (ca) {
+      cmd += ` -extfile <(echo "basicConstraints=critical,CA:TRUE")`;
+    }
+    const certPem = execSync(`bash -c '${cmd} 2>/dev/null'`, { encoding: "utf-8" });
+
+    // Cleanup
+    execSync(`rm -f ${tmpKey} ${tmpCert} ${tmpCsr} ${tmpCert.replace(".pem", ".srl")}`);
+
+    const certDer = execSync(`echo "${certPem}" | openssl x509 -outform DER 2>/dev/null`);
+
+    return { keyPem, certPem, certDer: new Uint8Array(certDer) };
+  }
+
+  // Self-signed
+  let cmd = `echo "${keyPem}" | openssl req -new -x509 -key /dev/stdin -subj "${subject}" -days ${days} -sha384`;
+  if (ca) {
+    cmd += ` -addext "basicConstraints=critical,CA:TRUE"`;
+  }
+  const certPem = execSync(`bash -c '${cmd} 2>/dev/null'`, { encoding: "utf-8" });
+  const certDer = execSync(`echo "${certPem}" | openssl x509 -outform DER 2>/dev/null`);
+
+  return { keyPem, certPem, certDer: new Uint8Array(certDer) };
+}
+
+/**
+ * Build a synthetic Nitro-style attestation document for testing.
+ *
+ * Creates a 3-cert chain (root → intermediate → leaf), builds a CBOR attestation
+ * payload, and wraps it in a COSE_Sign1 envelope signed by the leaf key.
+ */
+async function buildTestAttestation(
+  overrides: {
+    publicKey?: string;
+    nonce?: string;
+    pcrs?: Record<number, string>;
+    timestamp?: number | bigint;
+  } = {},
+) {
+  const { encode: encodeCbor } = await import("cbor-x");
+
+  // Generate certificate chain: root → intermediate → leaf (all P-384)
+  const root = generateCert({ subject: "/CN=Test Root CA", ca: true });
+  const intermediate = generateCert({
+    subject: "/CN=Test Intermediate",
+    issuerKey: root.keyPem,
+    issuerCert: root.certPem,
+    ca: true,
+  });
+  const leaf = generateCert({
+    subject: "/CN=Test Leaf",
+    issuerKey: intermediate.keyPem,
+    issuerCert: intermediate.certPem,
+  });
+
+  // Build PCR map
+  const pcrs = new Map<number, Uint8Array>();
+  if (overrides.pcrs) {
+    for (const [index, hex] of Object.entries(overrides.pcrs)) {
+      pcrs.set(Number(index), Buffer.from(hex, "hex"));
+    }
+  } else {
+    pcrs.set(0, new Uint8Array(48));
+  }
+
+  const embeddedPublicKey = overrides.publicKey ?? "test-public-key-pem";
+  const timestamp = overrides.timestamp ?? Date.now();
+
+  // Build the attestation document payload
+  const attestationPayload: Record<string, unknown> = {
+    module_id: "test-module-id",
+    timestamp,
+    digest: "SHA384",
+    pcrs,
+    certificate: leaf.certDer,
+    cabundle: [root.certDer, intermediate.certDer],
+    public_key: new TextEncoder().encode(embeddedPublicKey),
+  };
+
+  if (overrides.nonce) {
+    attestationPayload.nonce = Buffer.from(overrides.nonce, "hex");
+  }
+
+  // Encode payload as CBOR
+  const payloadBytes = encodeCbor(attestationPayload);
+
+  // Build COSE_Sign1 protected headers (empty map)
+  const protectedHeaders = encodeCbor(new Map());
+
+  // Build Sig_structure = ["Signature1", protected_headers, external_aad, payload]
+  const sigStructure = encodeCbor(["Signature1", protectedHeaders, Buffer.alloc(0), payloadBytes]);
+
+  // Sign with leaf private key (ECDSA P-384 SHA384, ieee-p1363 format)
+  const leafPrivateKey = crypto.createPrivateKey(leaf.keyPem);
+  const signer = crypto.createSign("SHA384");
+  signer.update(sigStructure);
+  const signature = signer.sign({ key: leafPrivateKey, dsaEncoding: "ieee-p1363" });
+
+  // Wrap in COSE_Sign1: [protected, unprotected, payload, signature]
+  const coseSign1 = encodeCbor([protectedHeaders, {}, payloadBytes, signature]);
+
+  const base64 = Buffer.from(coseSign1).toString("base64");
+
+  return { base64, rootCaPem: root.certPem, embeddedPublicKey, timestamp };
+}
+
+describe("verifyNitroAttestation", () => {
+  describe("rejection (invalid input)", () => {
+    test("rejects invalid base64 input", async () => {
+      await expect(verifyNitroAttestation("not-valid-base64!!!")).rejects.toThrow();
+    });
+
+    test("rejects non-CBOR data", async () => {
+      const data = Buffer.from("just plain text").toString("base64");
+      await expect(verifyNitroAttestation(data)).rejects.toThrow();
+    });
+
+    test("rejects empty CBOR array", async () => {
+      const { encode } = await import("cbor-x");
+      const data = Buffer.from(encode([])).toString("base64");
+      await expect(verifyNitroAttestation(data)).rejects.toThrow(AttestationError);
+    });
+
+    test("rejects CBOR array with wrong length and sets INVALID_COSE code", async () => {
+      const { encode } = await import("cbor-x");
+      const data = Buffer.from(encode([new Uint8Array(), {}, new Uint8Array()])).toString("base64");
+      try {
+        await verifyNitroAttestation(data);
+        expect.unreachable("should have thrown");
+      } catch (err) {
+        expect(err).toBeInstanceOf(AttestationError);
+        expect((err as AttestationError).code).toBe(AttestationErrorCode.INVALID_COSE);
+      }
+    });
+  });
+
+  describe("happy path", () => {
+    test("verifies a valid attestation document and returns the public key", async () => {
+      const { base64, rootCaPem, embeddedPublicKey } = await buildTestAttestation();
+      const result = await verifyNitroAttestation(base64, { rootCaPem });
+
+      expect(result.publicKey).toBe(embeddedPublicKey);
+      expect(result.document.moduleId).toBe("test-module-id");
+      expect(result.document.digest).toBe("SHA384");
+      expect(result.document.pcrs.get(0)).toBeInstanceOf(Uint8Array);
+    });
+
+    test("verifies attestation with BigInt timestamp (real Nitro encoding)", async () => {
+      // Real Nitro enclaves encode timestamp as CBOR uint64, which cbor-x decodes as BigInt
+      const { base64, rootCaPem, embeddedPublicKey } = await buildTestAttestation({
+        timestamp: BigInt(Date.now()),
+      });
+      const result = await verifyNitroAttestation(base64, { rootCaPem });
+
+      expect(result.publicKey).toBe(embeddedPublicKey);
+      expect(typeof result.document.timestamp).toBe("number");
+      expect(result.document.timestamp).toBeCloseTo(Date.now(), -3);
+    });
+
+    test("verifies with matching PCR values", async () => {
+      const pcr0Hex = "aa".repeat(48);
+      const { base64, rootCaPem } = await buildTestAttestation({
+        pcrs: { 0: pcr0Hex },
+      });
+      const result = await verifyNitroAttestation(base64, {
+        rootCaPem,
+        expectedPCRs: { 0: pcr0Hex },
+      });
+      expect(result.document.pcrs.get(0)).toBeDefined();
+    });
+
+    test("verifies with matching nonce", async () => {
+      const nonce = "deadbeef01020304";
+      const { base64, rootCaPem, embeddedPublicKey } = await buildTestAttestation({ nonce });
+      const result = await verifyNitroAttestation(base64, {
+        rootCaPem,
+        expectedNonce: nonce,
+      });
+      expect(result.publicKey).toBe(embeddedPublicKey);
+    });
+  });
+
+  describe("verification failures", () => {
+    test("rejects expired attestation with EXPIRED code", async () => {
+      const { base64, rootCaPem } = await buildTestAttestation({
+        timestamp: Date.now() - 10 * 60 * 1000,
+      });
+      try {
+        await verifyNitroAttestation(base64, { rootCaPem, maxAgeMs: 60_000 });
+        expect.unreachable("should have thrown");
+      } catch (err) {
+        expect(err).toBeInstanceOf(AttestationError);
+        expect((err as AttestationError).code).toBe(AttestationErrorCode.EXPIRED);
+      }
+    });
+
+    test("rejects PCR mismatch with PCR_MISMATCH code", async () => {
+      const { base64, rootCaPem } = await buildTestAttestation({
+        pcrs: { 0: "aa".repeat(48) },
+      });
+      try {
+        await verifyNitroAttestation(base64, {
+          rootCaPem,
+          expectedPCRs: { 0: "bb".repeat(48) },
+        });
+        expect.unreachable("should have thrown");
+      } catch (err) {
+        expect(err).toBeInstanceOf(AttestationError);
+        expect((err as AttestationError).code).toBe(AttestationErrorCode.PCR_MISMATCH);
+      }
+    });
+
+    test("rejects nonce mismatch with NONCE_MISMATCH code", async () => {
+      const { base64, rootCaPem } = await buildTestAttestation({
+        nonce: "deadbeef01020304",
+      });
+      try {
+        await verifyNitroAttestation(base64, {
+          rootCaPem,
+          expectedNonce: "0000000000000000",
+        });
+        expect.unreachable("should have thrown");
+      } catch (err) {
+        expect(err).toBeInstanceOf(AttestationError);
+        expect((err as AttestationError).code).toBe(AttestationErrorCode.NONCE_MISMATCH);
+      }
+    });
+
+    test("rejects missing nonce with NONCE_MISMATCH code", async () => {
+      const { base64, rootCaPem } = await buildTestAttestation();
+      try {
+        await verifyNitroAttestation(base64, {
+          rootCaPem,
+          expectedNonce: "deadbeef",
+        });
+        expect.unreachable("should have thrown");
+      } catch (err) {
+        expect(err).toBeInstanceOf(AttestationError);
+        expect((err as AttestationError).code).toBe(AttestationErrorCode.NONCE_MISMATCH);
+      }
+    });
+
+    test("rejects wrong root CA", async () => {
+      const { base64 } = await buildTestAttestation();
+      // Use default root CA (AWS Nitro) — won't match test chain
+      await expect(verifyNitroAttestation(base64)).rejects.toThrow();
+    });
+
+    test("rejects mismatched root CA with CHAIN_FAILED code", async () => {
+      const { base64 } = await buildTestAttestation();
+      // Generate a different root CA — valid cert but didn't sign our chain
+      const otherRoot = generateCert({ subject: "/CN=Other Root CA", ca: true });
+      try {
+        await verifyNitroAttestation(base64, { rootCaPem: otherRoot.certPem });
+        expect.unreachable("should have thrown");
+      } catch (err) {
+        expect(err).toBeInstanceOf(AttestationError);
+        expect((err as AttestationError).code).toBe(AttestationErrorCode.CHAIN_FAILED);
+      }
+    });
+  });
+});
+
+/**
+ * Integration test against a real Nitro TEE endpoint.
+ * Skips when TEE_URL is not set (e.g., local dev without TEE access).
+ */
+describe.skipIf(!process.env.TEE_URL)("Real Nitro attestation (integration)", () => {
+  test("verifies attestation from production TEE", async () => {
+    const res = await fetch(`${process.env.TEE_URL}/attestation`);
+    expect(res.ok).toBe(true);
+    const body = (await res.json()) as {
+      mode: string;
+      attestationDocument: string;
+      publicKey: string;
+    };
+    expect(body.mode).toBe("nitro");
+    expect(body.attestationDocument).toBeDefined();
+
+    const { publicKey, document } = await verifyNitroAttestation(body.attestationDocument);
+    expect(publicKey).toContain("-----BEGIN PGP PUBLIC KEY BLOCK-----");
+    expect(document.moduleId).toBeDefined();
+    expect(document.digest).toBe("SHA384");
+    expect(document.pcrs.get(0)).toBeInstanceOf(Uint8Array);
+    expect(document.timestamp).toBeGreaterThan(0);
+  });
+});